What's the difference between one-way authentication and mutual authentication? And give some examples


I'm studying for this exam on identity & access management. The question is: what is the difference between one-way authentication and mutual authentication? Our prof says mutual is TLS, but if I search on the internet, TLS is also one-way authentication... So I'm a bit confused.


There are 2 best solutions below

0
On

TLS is a protocol for guaranteeing security in the exchange of information. It is used in particular on the HTTP protocol. The TLS protocol allows both unilateral authentication and bilateral authentication (or mutual authentication). Recently I published on GitHub a project that implements a system of Mutual Authentication based on Apache 2.4 and the TLS 1.2 protocol. https://github.com/amusarra/docker-apache-ssl-tls-mutual-authentication/

The attached image shows the call to a REST service in mutual authentication


0
On

I have implemented both one-way and mutual SSL in applications hosted on Java and Webmethods technology. In one-way authentication, there is a server certificate that the client receives, trusts (registers), and sends back a secret along with the server certificate. Hence, a successful SSL handshake occurs. In mutual SSL, in addition to trusting the server certificate, the client also provides its own certificate to the server. Hence, a mutual trust is maintained between the server and the client, after which the secrets are transferred.
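
The distinction discussed in this thread, as an added example that is not part of either answer or of the linked project: Python's standard `ssl` module configured for one-way and for mutual TLS. The function names and the certificate path parameters are hypothetical, chosen only for illustration.

```python
import ssl


def server_context(mutual, cert=None, key=None, client_ca=None):
    """Server-side TLS settings; cert, key and client_ca are hypothetical PEM paths."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if cert:
        ctx.load_cert_chain(cert, key)  # the server presents a certificate in both modes
    if mutual:
        # Ask the client for a certificate and fail the handshake if it is
        # missing or does not chain to a trusted CA.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca:
            ctx.load_verify_locations(cafile=client_ca)
    else:
        ctx.verify_mode = ssl.CERT_NONE  # one-way: no client certificate requested
    return ctx


def client_context(server_ca=None, cert=None, key=None):
    """Client-side TLS settings; all three arguments are hypothetical PEM paths."""
    # PROTOCOL_TLS_CLIENT verifies the server certificate and hostname by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)
    if cert:
        ctx.load_cert_chain(cert, key)  # only needed when the server demands one
    return ctx


def authenticated_parties(server_ctx, client_ctx):
    """List which peers get their certificate verified under these settings."""
    parties = []
    if client_ctx.verify_mode == ssl.CERT_REQUIRED:
        parties.append("server")
    if server_ctx.verify_mode == ssl.CERT_REQUIRED:
        parties.append("client")
    return parties


if __name__ == "__main__":
    client = client_context()
    print("one-way:", authenticated_parties(server_context(mutual=False), client))
    print("mutual: ", authenticated_parties(server_context(mutual=True), client))
```

The protocol is TLS in both cases; the only server-side difference is `verify_mode`, which decides whether a client certificate is requested and checked.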